More than a decade after the Islamic terrorists who attacked the U.S. obtained driver’s licenses in various states the Department of Homeland Security (DHS) has failed to implement an effective plan to prevent extremists from exploiting the system’s vulnerabilities.

In fact, fake documents can still be used to easily get a valid driver’s license or state-issued identification, according to a federal audit made public this month by the investigative arm of Congress, the Government Accountability Office (GAO). It’s as if the security officials responsible for protecting the country have learned nothing from the horrific 2001 terrorist attacks.

When authorities confirmed that several of the 9/11 hijackers had exploited weaknesses in the way states across the country issue driver’s licenses, a national identification measure (Real ID Act) was enacted to verify the authenticity of every driver’s license applicant. It was recommended by the 9/11 Commission and forces states to require that documents—such as a birth certificate or passport—submitted to get the card are legitimate and that the applicant is in the United States legally.

The goal is to establish a much-needed standardized national driver’s license system that will be less prone to fraud and will prevent terrorists from abusing it as did several of the 9/11 hijackers. New Mexico and Washington State still allow illegal immigrants to get driver’s licenses and Utah offers them a special driving privilege card that can’t be used as official government identification.

Under the Real ID Act, which has been postponed several times, a newly created federal database will link all licensing data that must be checked before states issue new cards. Residents of states that don’t comply with the law will be greatly inconvenienced because their driver’s licenses will not be accepted as proof of identification at airports, federal buildings or when applying for any sort of federal benefits.

The latest news from the Obama Administration is that the law will finally be implemented by 2013, but it has been a work in progress. The feds are supposed to be working with states towards the common goal of fully implementing it. Instead, states are complaining that DHS has failed to provide an adequate verification system to help them enhance security procedures. As a result criminals can easily steal the identity of a person in one state and use it get a license in another because there is no way to consistently detect such cross-state fraud.

In fact GAO investigators conducting the probe were able to use counterfeit out-of-state driver’s licenses and birth certificates to fraudulently obtain licenses in three states under fictitious identities. They used a mixture of names, Social Security numbers, birth dates and counterfeit documents. In two states investigators managed to get two licenses with different names using only one person’s face.

These are the same techniques that the 9/11 hijackers used to get dozens of driver’s licenses and official state ID cards as they planned their attacks. Besides terrorism, the GAO points out that driver’s license fraud can have significant financial and domestic security consequences. In 2010 alone, more than 8 million Americans were victims of identity theft totaling $37 billion, the report says.

DHS doesn’t seem terribly concerned, however. Despite the approaching January 2013 compliance deadline, investigators say the agency has failed to provide timely, comprehensive or proactive guidance on how states can meet the identity verification requirements. Here is the icing on the cake; “DHS did not concur with these recommendations, saying its ongoing efforts are sufficient.”